Windows Update redirects to MSN.com

Status
Not open for further replies.

AP4LIFETN

Daemon Poster
Messages
1,009
I just did a fresh reinstall of XP SP2 on another computer, and whenever i try to go to windows update, it redirects me to MSN.com

I cannot access the windows update site, but i can still browse the microsoft site, but i cannot download anything as it gives me the "cannot find page" error.

I have tried downloading adaware, spyware doctor, and windows defender by emailing to myself, but i can't update any of them. The same thing happens with firefox, it seems that i can't update spyware or receive updates, other then that, the internet works fine and i can download from other sites with ease.

[Hijack]
Logfile of HijackThis v1.99.1
Scan saved at 4:02:02 PM, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nguyen Family\Desktop\HijackThis.exe

O1 - Hosts: http://update.microsoft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
 
Next time please pot your log in the Analyze area. There it will get more attention.

Cheers,
Mak
 
could you tell me how you removed zlob ??

im having similar problems !

i cant download any thing from the microsoft website
and when i click to update it takes me to the msn homepage!

das that mean i have zlob too ??
 
For the past three days I have been researching and applying possible fixes to get rid of the problem and make it go away but it proves to be a persistence one. Every time I try to access Windows Update it will redirect me to MSN.com. In addition, a lot of the anti-spyware/adware I tried to install would not update so I have to do them manually. This included ad-aware, which I asked a friend over messenger to download the most current definition so I can update it manually (I could access the lavasoft website alright, but when I try to download the latest definitions, it redirect me to a different page). I did try to restore my computer to the original manufactured version but it did not solve the problem. I also use Malwarebytes' Anti-Malware, which I must have done over 20 runs >.< Anways, sometimes it comes up clean and sometimes it comes back with the following again:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7399b5d5-4309-474a-8d48-ce0fb03498e5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.35 85.255.112.79 1.2.3.4 -> No action taken.

Finally I resolved the issue. It wasn't my computer at fault but the router. I became suspicious when every single computers in the house exhibit the same behavior. So to test it out, I use one computer to hard-wire to the internet without the router and I was able to access the windows update page without any problems. Whatever someone did to my router, I have to revert it back to the original manufactured version and afterward, everything ran smooth again. All of my virus software, anti-spyware/adware software are able to update without any problems now.
 
Status
Not open for further replies.
Back
Top Bottom